On 21 November 2017 at 14:12, Luis Balbinot <l...@luisbalbinot.com> wrote:
> The DDoS protection factory defaults are very low in some cases. The
> Juniper MX Series book has a nice chapter on that.

Do you have an example? Most of them are like 20kpps, which is more than you need to congest the built-in NPU=>PFE_CPU policer. I.e. they are massively too large out-of-the-box.

I doubt anyone has configured them to sensible values, as it would be hundreds of lines of ddos-protection config, as you cannot set default values which apply to all of them and then more-specific ones to the ones you care about. Correct configuration needs to manually configure each and every one, those which you don't need, as low as you want, like 10pps.

--
  ++ytti
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
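
Added example, not part of the original message or of any Juniper tooling: because there is no inherited default, one way to get "low floor everywhere, higher limits only where needed" is to generate the per-protocol lines. The protocol group subset, the rates, the burst choice and the budget figure are all constructed assumptions; the real group list should be read from the device.

```python
# Constructed subset of protocol groups; the real list varies by platform and
# release, so take it from the device rather than from this sample.
PROTOCOL_GROUPS = [
    "arp", "bgp", "dhcpv4", "icmp", "igmp", "ldp", "ntp", "ospf",
    "pim", "pppoe", "rsvp", "snmp", "ssh", "telnet", "vrrp",
]
# Hypothetical rates (pps) for the protocols this router actually uses.
OVERRIDES = {"arp": 500, "bgp": 1000, "icmp": 200, "ntp": 50,
             "ospf": 500, "snmp": 200, "ssh": 200}
FLOOR_PPS = 10      # every group not listed above, as suggested in the post
BUDGET_PPS = 5000   # hypothetical: what the path to the CPU can absorb


def plan_rates(groups, overrides, floor_pps, budget_pps):
    """Return {group: pps} for every group, emulating default + override."""
    unknown = sorted(set(overrides) - set(groups))
    if unknown:
        # A typo here would silently leave a group at its factory default.
        raise ValueError(f"override for unknown group(s): {unknown}")
    rates = {g: overrides.get(g, floor_pps) for g in groups}
    bad = sorted(g for g, pps in rates.items()
                 if not isinstance(pps, int) or pps < 1)
    if bad:
        raise ValueError(f"rate must be a positive integer: {bad}")
    total = sum(rates.values())
    if total > budget_pps:
        # The sum of per-group policers should not exceed what sits behind them.
        raise ValueError(f"sum of rates {total} pps exceeds budget {budget_pps}")
    return rates


def render_set_commands(rates):
    """One explicit aggregate policer per group; burst set equal to the rate."""
    return [
        f"set system ddos-protection protocols {g} "
        f"aggregate bandwidth {pps} burst {pps}"
        for g, pps in sorted(rates.items())
    ]


if __name__ == "__main__":
    plan = plan_rates(PROTOCOL_GROUPS, OVERRIDES, FLOOR_PPS, BUDGET_PPS)
    print("\n".join(render_set_commands(plan)))
```
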